Eye-Fi – Implications for mobile adhoc networks

It looks like a company called Eye-Fi, that makes camera sd memory cards, has developed a network enabled sd card. Basically the card itself has tiny circuitry inside it that enables it to function as a wireless network adapter. A -tiny- wireless network adapted.

Although this product is interesting in itself, with claims of ‘revolutionising the way we share pictures’, which will certainly appeal to many, (Transmitting pictures to a backup at a different location while taking them will provide interesting abilities to tabloid journalists. No more “give me that camera” for instance.), this is not actually the most interesting thing about this technology.

What is interesting is the implications that arise once this technology becomes ubiquitous. There’s no reason now that full wireless capability can’t be included in any device capable of slotting one of these chips (and the underlying technology could be integrated into consumer devices as well.) and so now even the smallest of mobile phones and pda’s can support full networking.

In the modern world, near everyone carries a mobile phone. They are ubiquitous in the fullest sense of the word. What do we have then when everyone carries a mobile device with full wireless capabilities? We have a giant ad-hoc wirless network stretching over entire cities, with each person as a mobile node, we have Halting State.

We also have one giant potential security problem. I had an interesting thought experiment the other day with a friend, imagine a botnet as they currently exist, but with each conscripted node as a mobile phone rather than a computer. As an infected person walks the streets, their compromised phone could be sending wireless signals to every other phone that comes in range, attempting to subvert and spread across the network.

Now assume our perpetrator wants to utilise this botnet. To send some spam, or a ddos attack. Instead of modern botnets which often use an irc server or some central point to control, they could simply set their own version of zombie program to broadcast an activate message. Perhaps with a date and time to begin the assault, or perhaps simply “Activate now.” As the hacker walks through the city, anyone he passes who has been compromised recieves this signal, begins the commands, and begins re-sending the reactivate signal to anyone it passes. Just as the original instigator did.

Compared to the current centralised method of control, it is slow. A current botnet can launch 250 thousand bots against a single target instantly, this method requires ramp time and the command might never reach all the compromised phones as it relies on physical geography.

But how much harder would it be to trace?

There are many wonderful applications of such a node network, Stross’ Zone is only one, however it is also important to begin considering the possible risks as well, for they are many.